Andrew E. Bigart – LexBloghttps://www.lexblog.com
Legal news and opinions that matterSun, 15 Sep 2019 09:15:35 +0000en-UShourly1https://wordpress.org/?v=4.9.11https://www.lexblog.com/wp-content/uploads/2018/10/cropped-favicon-1-32x32.pngAndrew E. Bigart – LexBloghttps://www.lexblog.com
3232DOJ Reverses Course on the Wire Act, Changing the Odds on the State-Regulated Gambling Industryhttps://www.lexblog.com/2019/02/06/doj-reverses-course-on-the-wire-act-changing-the-odds-on-the-state-regulated-gambling-industry/
Wed, 06 Feb 2019 18:07:45 +0000https://www.lexblog.com/2019/02/06/doj-reverses-course-on-the-wire-act-changing-the-odds-on-the-state-regulated-gambling-industry/The regulatory framework for online gambling recently took a wild turn when the Department of Justice Office of Legal Counsel (“OLC”) announced its view that the Wire Act (18 U.S.C. § 1084) applies to all forms of gambling—not merely sports betting. This marked a 180-degree reversal from the stance the OLC took just seven years earlier. The OLC’s 2011 opinion—which itself departed from public positions the DOJ had previously taken—was the foundation upon which today’s state-regulated online gambling industry is built. Four states—Delaware, Nevada, New Jersey and Pennsylvania—currently allow online gambling, and Michigan came close to legalizing it at the end of last year, although outgoing Governor Snyder vetoed the bipartisan bill in a surprise move. The OLC’s follow-on announcement gives now-unlawful online gambling businesses 90 days to bring their operations into compliance with federal law before Wire Act enforcement will begin under this newly expanded view. Below, we contemplate what enforcement of the industry will look like in light of this recent announcement.

Perhaps we will see a Cole memo-esque enforcement regime, where the feds will exercise discretion not to prosecute well-behaved online gambling businesses operated in accordance with robust state regulatory frameworks. After all, legal online gambling businesses and their service providers are already subject to extensive vetting, and in Delaware, online gambling is state-run. Regardless, we expect the DOJ to publish internal guidelines for how the feds should prosecute cases—this is a model that has been used in other areas, and would presumably outline the specific factors under which proposed enforcement would be reviewed and approved.

The OLC memo itself previews other likely outcomes, including legal challenges from the very industry that it seeks to dismantle. Indeed, OLC suggests that the likelihood of legal challenges and the added benefit of judicial interpretation of the Wire Act weighs in favor of reversing its 2011 stance. (Our legal eagle readers may also be interested to know that OLC’s reversal is particularly unusual given that the office prides itself on its independence and purportedly abides by the guiding principle that past OLC opinions should be given “great weight” and “should not [be] lightly depart[ed] from . . . particularly where they directly address and decide a point in question.”). In that respect, it’s worth noting that at least two federal circuits have reached the opposite conclusion and held that the Wire Act applies only to sports betting. Notably, one of these decisions dates back to 2001—well before the 2011 OLC opinion that birthed the legal online gambling industry. The OLC also suggests that Congress could step in to clear up the confusion over the proper scope of the Wire Act and to protect the reliance interests of the industry, although with reports of powerful gaming interests seemingly supportive of the OLC opinion, we think that an unlikely outcome.

The new OLC opinion is surprising on many levels, not least of which because it comes so closely on the heels of the Supreme Court’s May 2018 Murphy decision, which paved the way for legalized sports betting—but for the Wire Act. Indeed, after Murphy held that the 1992 Professional and Amateur Sports Protection Act (“PASPA”), which prohibited states from legalizing sports betting, was unconstitutional, several states passed laws authorizing regulated sports betting.

Even though states were free to legalize sports betting after the fall of PASPA, the Wire Act still stood as an obstacle to online sports betting. That’s because it prohibits both wire transmissions of “bets or wagers” and “information assisting in the placing of bets or wagers,” but exempts only the latter when the transmission is from one legal state to another legal state. Undeterred, states and sports betting operators alike seemed comfortable with that risk, possibly in reliance on the much newer Unlawful Internet Gambling Enforcement Act of 2006 (“UIGEA”). The UIGEA looks to state law to define what constitutes “unlawful internet gambling” and expressly states that “intermediate routing of electronic data shall not determine the location or locations in which a bet or wager is initiated, received, or otherwise made.” In other words, if the bet or wager is legal in the state(s) where it is placed and received, then it does not violate the UIGEA, even if the information transits an unlawful state on its way through cyberspace.

Any states and operators thinking that the 2006-enacted UIGEA (where the “IG” stands for internet gambling) surely would trump the Wire Act—enacted long before the internet in 1961—were disabused of that notion last week when the OLC went out of its way to conclude “that the 2006 enactment of UIGEA did not alter the scope of the Wire Act.”

This is a surprising turn of events, and we think there will be more to come as states and the industry grapple with the implications of the announcement. Stay tuned for more.

]]>Mastercard Targets Negative Options In 2019 – Demands Transparencyhttps://www.lexblog.com/2019/01/14/mastercard-targets-negative-options-in-2019-demands-transparency/
Mon, 14 Jan 2019 20:26:25 +0000https://www.lexblog.com/2019/01/14/mastercard-targets-negative-options-in-2019-demands-transparency/As 2019 goes into full swing, it’s important for providers of payment processing services (referred to here as “acquirers”) and their merchants or submerchants to prepare for the various regulatory and industry changes coming this year. One such significant change comes in the form of Mastercard’s updated rules for negative option billing programs.

Set to take effect on April 12, 2019, Mastercard’s new rules will tighten consumer protection requirements for negative option merchants and their acquirers that process Mastercard transactions. Several laws such as the Electronic Fund Transfer Act, the Restore Online Shoppers’ Confidence Act, and various state laws already apply to negative option billing programs, but Mastercard’s new rules go even further. Among other things, the rules include a requirement for merchants to notify consumers at the end of a trial period before charging the consumer.

Applicability

Notably, the new rules cover any card-not-present transaction where the consumer purchases a subscription to automatically receive a physical product (such as cosmetics, healthcare products, or vitamins) on a recurring basis. Fully digital services are not covered.

This means the rules apply to free trial offers and most forms of negative option programs involving product sales. The negative option plan may be initiated by a free trial, nominally priced trial, or no trial at all. However, if a trial is used, special rules apply to ensure the consumer is aware of and consents to subsequent payments at the trial’s conclusion.

The Rules

High-Risk Classification: Acquirers must use MCC code 5968 (Direct Marketing – Continuity/Subscription Merchants) and TCC T (non-face-to-face) to identify all non-face-to-face negative option billing transactions. These transactions and their merchants will be classified as high-risk.

MRP Registration: Acquirers must register negative option billing merchants, as well as any third-party service providers with access to account data, in the Mastercard Registration Program (MRP).

Verification: At the time of registration, acquirers must verify that the negative option merchant is compliant with all applicable laws, rules, and regulations (including these new Mastercard rules).

Monitoring: In addition to general authorization monitoring requirements, acquirers of negative option merchants must monitor authorizations to identify when the same account number appears across different negative option merchant IDs in the acquirer’s portfolio.

Acquirers must ensure that such merchants implement real-time and batch procedures to continually monitor simultaneous, multiple transactions using the same account number and consecutive or excessive attempts using the same account number.

Acquirers must ensure that each negative option merchant complies with Mastercard’s fraud control standards and maintains a chargeback ratio below the Excessive Chargeback Program thresholds.

Screening: For prospective high-risk negative option merchants, acquirers must identify any third-party service providers with access to account data, and ensure that the service provider is registered in the MRP system.

Trial Offers: If the merchant offers a trial, after the trial period has expired, the merchant must provide the following information and receive the cardholder’s explicit consent before charging the consumer pursuant to the negative option:

The transaction amount

The payment date of the transaction

The merchant’s name (as it will appear on the cardholder’s statement)

Instructions for terminating recurring payments

For E-Commerce transactions, the trial period must begin on the date when the cardholder receives the product.

E-commerce merchants must also provide a direct link to an online cancellation procedure on the same website where the negative option transactions are initiated.

Transaction Information: After each approved authorization request, the negative option merchant must provide the consumer with a transaction information document through email or other electronic means with cancellation instructions. If the authorization is unsuccessful, the merchant must send a document explaining why the transaction failed.

Also, all subsequent recurring payments must be processed using the same merchant ID and merchant name used in the initial payment transaction. The merchant must also provide the cardholder with written confirmation in either hard copy or electronic format when the recurring payments have been terminated.

Bottom Line

These requirements demand significant changes to the negative option industry and will likely have a major impact on a range of business models reliant on continuity plans and trial offers. In particular, the requirement that merchants receive explicit authorization to begin recurring payments at the conclusion of a trial period is likely to be disruptive to say the least.

How businesses will adapt remains to be seen. But with April 12th less than 90 days away, negative option merchants and their acquirers must be prepared.

]]>CBD Update: The FDA Commissioner Cannot Ignore the Buzz – But Is Further Deregulation on the Horizon?https://www.lexblog.com/2019/01/09/cbd-update-the-fda-commissioner-cannot-ignore-the-buzz-but-is-further-deregulation-on-the-horizon/
Wed, 09 Jan 2019 16:28:00 +0000https://www.lexblog.com/2019/01/09/cbd-update-the-fda-commissioner-cannot-ignore-the-buzz-but-is-further-deregulation-on-the-horizon/With the ink on the president’s signature barely dry, the commissioner of the U.S. Food and Drug Administration (FDA) – Dr. Scott Gottlieb – issued a statement letting everyone know that the agency is aware of the implications of the Agriculture Improvement Act of 2018 (a/k/a the Farm Bill). As we reported last month, CBD derived from hemp may not be “marijuana” any longer, but the laws that the FDA enforces continue to prohibit (at least, in the FDA’s view) the manufacture and distribution of foods and dietary supplements containing CBD. Dr. Gottlieb took this opportunity to reiterate the agency’s position, noting that “it’s unlawful under the [Federal Food, Drug and Cosmetic Act] to introduce food containing CBD or THC into interstate commerce, or to market CBD or THC products as, or in, dietary supplements, regardless of whether the substances are hemp-derived.”

The commissioner also indicated, however, that the agency will initiate a process for reexamining current policy, stating:

In addition, pathways remain available for the FDA to consider whether there are circumstances in which certain cannabis-derived compounds might be permitted in a food or dietary supplement. Although such products are generally prohibited to be introduced in interstate commerce, the FDA has authority to issue a regulation allowing the use of a pharmaceutical ingredient in a food or dietary supplement. We are taking new steps to evaluate whether we should pursue such a process. However, the FDA would only consider doing so if the agency were able to determine that all other requirements in the FD&C Act are met, including those required for food additives or new dietary ingredients.

Is significant change imminent? Although some have suggested that it is, we think the answer is hazy. Dr. Gottlieb’s statement noted only that the agency would hold a public meeting at which stakeholders could share their experiences and challenges with CBD-containing products. Neither a timetable nor any further actions were described. In the meantime, the FDA will continue to initiate enforcement actions based upon previously stated enforcement priorities. Any change in the near future seems unlikely.

What does this mean for banks and payment processors? Our previous recommendations still hold true. Confirm the legality of your customer’s business, conduct thorough due diligence in accordance with best practices followed for managing higher-risk customers, and maintain heightened monitoring requirements. For further details, please review our initial posting on the Farm Bill.

]]>New Farm Bill Cracks Open Door to Processing for Legalized Hemp and CBD Oilhttps://www.lexblog.com/2018/12/21/new-farm-bill-cracks-open-door-to-processing-for-legalized-hemp-and-cbd-oil/
Fri, 21 Dec 2018 22:07:29 +0000https://www.lexblog.com/2018/12/21/new-farm-bill-cracks-open-door-to-processing-for-legalized-hemp-and-cbd-oil/Signed into law on December 20, 2018, the 2018 Farm Bill may present a tremendous opportunity for banks and payments companies to provide banking, processing, and other services to the hemp industry. We expect a variety of companies to move swiftly in developing, marketing, and selling products (including CBD oil) that, until yesterday, were controlled substances. This means that banks and payment processors should be prepared for a flood of inquiries from the industry about opening bank, merchant processing, and other financial accounts.

While the Farm Bill “legalizes” hemp, there remain a number of open questions that financial institutions should consider before they start serving the industry. This article provides a brief overview of the Farm Bill’s impact on the legal status of hemp, highlights some of the open questions, and provides suggested best practices for banks and processors seeking to work with the hemp industry.

Summary of the Farm Bill’s Hemp Provisions

The 2018 Farm Bill mandates the creation of a new regulatory regime for the production and sale of hemp, and products made from hemp, which have been prohibited under federal law. The Controlled Substances Act (“CSA”) prohibits the possession, manufacture, and distribution of anything meeting the definition of “mari[j]uana.” Until yesterday, virtually all parts of the Cannabis sativa L. (“Cannabis”) plant, and anything containing a compound derived from the plant (but for a few limited exemptions), were deemed marijuana. The Farm Bill changes this by exempting hemp – including any part, extract, or derivative of the Cannabis plant with a delta-9 tetrahydrocannabinol (“THC”) concentration of not more than 0.3 percent on a dry weight basis – from the definition of marijuana. For example, a CBD product that has been prohibited as “mari[j]uana” will no longer violate the CSA, if it meets the Farm Bill’s definition of hemp.

Where the Farm Bill legalizes hemp, it also sketches out a regulatory framework in new Subtitle G to the Agricultural Marketing Act of 1946 (7 U.S.C. § 1621 et seq.). Subtitle G sets forth a regulatory scheme by which states and Indian tribes may seek primary regulatory authority over hemp production in their territories by submitting monitoring and regulation plans to, and receiving approval from, the Secretary of Agriculture. And if they fail to do so, hemp production may proceed only under a federal regulatory scheme to be developed by the Secretary.

What Does this Mean for Banks and Payment Processors?

While the 2018 Farm Bill opens the door to lawful hemp production in the United States, there are a number of open questions that banks, processors, and other financial services providers should consider before they start serving the industry. Media and industry advocates have focused primarily on the fact that hemp has been legalized, but there has been relatively little commentary addressing the fact that hemp will be subject to robust regulatory oversight at both the federal and state levels. For banks and processors interested in this industry, understanding the nuances of this regulatory framework will be critical to providing banking and processing services in a safe and sound manner.

1. Is Hemp Production Legal Today?

As has been reported extensively in the media, the Farm Bill exempts hemp from the legal prohibitions that apply to marijuana. But what, exactly, does this mean? Is it lawful today for industry to manufacture and sell hemp products to consumers? While perhaps a bit academic, the answer is somewhat open to debate. Although growing hemp no longer violates the CSA, the Farm Bill also states that it is unlawful to produce hemp in any state or tribal territory that does not have a state or tribal plan in place or without a federal license. As of today, there are no federal, state, or tribal licenses or regulations in place. So what does this mean for the current legal status of hemp? The Farm Bill, unfortunately, does not address this apparent gap in the legislation.

2. What Will the Future Regulatory Framework Look Like?

The Farm Bill excludes hemp from the CSA definition of marijuana but also requires that the federal government, states, and Indian tribes work together to establish a robust regulatory process for licensing and overseeing the industry. At a minimum, the framework will need to address key issues such as the licensing of hemp producers, product testing, enforcement compliance procedures, and annual inspections. The Farm Bill, however, only sketches out the basic requirements for this framework – the adoption of federal, state, and tribal regulations will take time to develop and implement.

The current lack of a regulatory regime means that banks and processors that provide services to the industry will be doing so without a clear picture of federal and state expectations. This suggests that any financial institution dealing with hemp products should do so carefully and consistent with best practices for providing services to high-risk industries.

One option would be to treat hemp producers similar to marijuana-related businesses in states where marijuana has been legalized. While marijuana remains illegal at the federal level, the federal government (through the Financial Crimes Enforcement Network) and states have provided guidance and suggested best practices for financial institutions banking or providing services to marijuana-related companies.

Moreover, there remains a question as to how states will treat hemp. While the Farm Bill provides states and tribes the ability to regulate the product, or to rely on a federal framework, nothing in the Farm Bill prohibits a state or tribe from outlawing the production, sale, or use of hemp. Also open to speculation is what the final regulatory framework will look like, and how the federal, state, and tribal plans may differ. As such, any financial institution looking to work with a hemp or CBD company will need to be mindful of potential state or tribal limitations.

3. What About Imports of Hemp?

As noted, the new Subtitle G states that it is unlawful to produce hemp in any state or tribal territory that does not have a state or tribal plan in place or without a federal license. This seems to imply that imports of hemp may be lawful today, even if you take the position that production is not – at least until the Secretary of Agriculture promulgates regulations and begins issuing licenses, or until the states and tribes submit their own regulatory plans. This leaves a gray area that banks and processors will need to navigate if they decide to provide services to hemp businesses.

4. Is CBD Oil Legal?

The Farm Bill legalizes the production and sale of CBD oil derived from hemp. What the law does not address, however, is whether hemp is capable of producing commercially viable amounts of CBD. Under the CSA, the legality of products derived from marijuana (such as CBD oil) formerly turned on the part of the plant used to produce the product. Products made from the mature stalk and seeds were excluded from the CSA definition of marijuana (and were therefore lawful), while products made from the flowering tops, resin, and leaves are included (and were unlawful). The DEA has consistently taken the position that CBD can only be produced in commercial quantities from the unlawful parts of the plant. Yet with the new exclusion of hemp from the CSA, the old dichotomy no longer applies. Products made from any part of the plant are excluded from the definition of marijuana so long as the product is low-THC (i.e., 0.3% THC or less). Thus, it remains to be seen whether industry will be able to produce CBD from hemp in commercial quantities. We leave that question to the scientists.

Finally, there remain questions about how existing laws will be reconciled with the changes to the definition of hemp. New Subtitle G grants to the Secretary of Agriculture the sole authority to promulgate federal regulations on hemp production, but also states that nothing in Subtitle G affects or modifies the Federal Food, Drug and Cosmetic Act (21 U.S.C. § 301 et seq.), section 351 of the Public Health Service Act (42 U.S.C. § 262), or the authority of the Commissioner of Food and Drugs and the Secretary of Health and Human Services under their respective statutes. This means, for example, that the FDA’s current position that dietary supplements and foods containing CBD are unlawful will continue to be of concern to the CBD industry. Although some believe that the FDA’s position is vulnerable to a legal challenge, the specter of enforcement will remain until either the agency changes its position or someone successfully challenges the FDA in court.

Best Practices for Those Looking to Process Hemp-Related Payments

Despite these present uncertainties, we suspect that many hemp businesses will forge ahead, and that banks and payment processors will explore providing services to the industry. We therefore provide the following recommendations for offering payment processing services to hemp producers.

1. Confirm the Legality of Your Customer’s Business

Any bank or processor looking to board a hemp customer should start by confirming that the customer’s operations comply with applicable laws and regulations. This may seem like a no-brainer, but there remain some open questions about when and how hemp may be produced and sold. Our view is that regulators and law enforcement will expect banks and processors to do their homework before they start banking the industry. Moreover, as discussed, there are other laws and regulations that apply to products such as CBD oil. The Farm Bill does not supersede these laws, and a bank or processor should still be careful to avoid customers that engage in unlawful, deceptive, or fraudulent practices.

2. Best Practices for Managing Higher-Risk Customers

Even if a financial institution is comfortable that a potential customer’s hemp-related business is lawful, the financial institution may still decide to treat the customer as high-risk and subject to commensurate due diligence. In particular, federal and state regulators expect banks and processors to understand their customers’ business and to monitor their customers’ transactions for signs of unlawful activity.

With respect to due diligence for hemp customers, in addition to any standard due diligence for high-risk merchants, we recommend the following additional checks:

Does the producer have a license issued by a state, Indian tribe, or the federal government?

Has the producer ever been denied a license?

Has the producer ever been subject to any corrective action plan? If so, what were the violation(s) and remediation steps, and what is the current status?

Has the producer ever been subject to any period of ineligibility? If so, what were the circumstances and what is the current status?

Has the producer ever been convicted of a felony relating to a controlled substance under state or federal law?

Just as hemp producers should be treated as high-risk merchants at onboarding, they should be subject to heightened monitoring requirements throughout their tenure with the payment processor and/or acquirer. In addition to any standard monitoring conducted on high-risk merchants, we recommend the following additional checks:

Secure contractual requirement that merchant will notify processor and/or acquiring bank immediately upon receipt of notification of any violation from state, tribal, or federal licensing authorities or regulators.

Subscribe to any available law enforcement lists or databases regarding hemp production, including information on licensing status and documented violations.

* * * * *

Despite the present uncertainties, we expect some banks and payment processors will explore ways to provide banking, payment processing, and other services to the hemp and CBD oil industries. For those interested in this opportunity, it is important that they do so in a safe, sound, and responsible manner.

]]>The FTC is Searching for the Value in Loothttps://www.lexblog.com/2018/12/04/the-ftc-is-searching-for-the-value-in-loot/
Tue, 04 Dec 2018 20:11:09 +0000https://www.lexblog.com/2018/12/04/the-ftc-is-searching-for-the-value-in-loot/The Commissioners of the FTC agreed, during an oversight hearing on November 27, 2018, to investigate the use of “loot boxes” in video games. Senator Hassan (D-NH), following up on questions she asked the newly appointed Commissioners during their confirmation hearings, specifically requested the FTC investigate loot boxes citing addiction concerns, (especially as it relates to children) and the resemblance of loot boxes in video games to gambling.

A loot box is a digital container of virtual goods that a user can purchase in-game using real-world currency. A user does not know what is in the loot box before purchasing. The loot box may contain digital goods (such as character skins, tools, weapons, etc.) that the user can use in the game. Importantly, the user cannot choose the contents of the loot box. The box could contain an extremely rare/sought-after item or the contents could be a collection of items already owned by the user (or somewhere in between).

The offering of loot boxes in video games has drawn the scrutiny of various foreign governments, and some, like Belgium and the Netherlands, have passed legislation banning the use of loot boxes.

The Entertainment Software Rating Board (“ESRB”), which is the non-profit, self-regulatory body of the video game industry, has taken the position that loot boxes are not gambling, but are more analogues to packs of game cards (“Sometimes you’ll open a pack and get a brand new holographic card you’ve had your eye on for a while. But other times you’ll end up with a pack of cards you already have”), a business model blessed by the Ninth Circuit in 2002. Chaset v. Fleer/Skybox Int’l, LP, 300 F.3d 1083, 1087.

The FTC’s agreement to investigate loot boxes continues a trend started by other U.S. law enforcement authorities in recent years. In 2017, Hawaii state representatives introduced bills requiring the labeling of games with loot boxes as harmful or addictive and restricting their sales to players over the age of 21. The bills were ultimately dropped. Earlier this year, Senator Hassan, the instigator of the FTC’s action, published an open letter demanding that the ESRB more strongly consider the ethics of the loot box model.

While the Commissioners have agreed to investigate loot boxes, it remains to be seen what form the investigation will take. We will be sure to monitor the situation, as well as any potential expansion of the investigation into other aspects of gaming.

]]>Visa Updates Rules for Marketplaceshttps://www.lexblog.com/2018/08/27/visa-updates-rules-for-marketplaces/
Mon, 27 Aug 2018 18:14:15 +0000https://www.lexblog.com/2018/08/27/visa-updates-rules-for-marketplaces/In recognition of a rapidly changing ecommerce environment, Visa has created a new category of payment aggregator – a “marketplace” – for entities that bring “together Cardholders and retailers on an electronic commerce website or mobile application.” The new marketplace designation will have an immediate impact in the ecommerce market by clarifying the status and requirements applicable to ecommerce sites looking to add payment processing services to their platforms. While this model is likely to grow in popularity, it raises a number of regulatory and compliance issues that must be taken into account.

What Is a Marketplace?

A marketplace is a type of ecommerce site that facilitates the sale of products or services by multiple third-party retailers through an online platform. While the main function of a marketplace is facilitating sales by bringing buyers and retailers together, this activity necessarily requires that a payments system be included in the platform. Traditionally, many of the largest marketplaces have incorporated payments by partnering with more traditional payment processors to handle the nuts and bolts of acquiring, clearing, and settlement. The new marketplace category will provide these websites with additional flexibility to offer their own processing solutions.

Among other requirements, to qualify as a marketplace under the Visa rules, a company must:

Offer a website or mobile application that brings together retailers and buyers;

Enter into a contract with each retailer governing the marketplace’s processing of transactions on behalf of the retailer;

Prominently display the name or brand of the marketplace on the website or application;

Manage transactions (sales and refunds) for the retailers and receive settlement for transactions on their behalf; and

Resolve or accept financial liability for cardholder disputes.

There are a number of other important limitations for marketplaces, including that no retailer on the marketplace may exceed $10 million in annual Visa volume through the marketplace, and no retailer may exceed 10% of the marketplace’s annual Visa volume. Further, the rules prohibit certain retailers from processing through a marketplace, including franchises, travel agents, and certain high-risk retailers.

What Do I Need to Know about Marketplaces?

The announcement of the marketplace designation comes at a time when “payment facilitation” has become a driving force in merchant acquiring. Under the card brand rules, a payment facilitator is a merchant service provider that is permitted to process for a group of identified sub-merchants through its own merchant account. The new marketplace designation is similar in concept, but tailored for ecommerce platforms that host numerous different retailers.

While the payment facilitator model has grown in popularity as a way to board merchants quickly and with minimal friction, it comes with a number of compliance and regulatory challenges. The same are likely applicable to the new marketplace designation.

First, as noted, Visa has established a number of rules for marketplaces. Failure to comply with these rules can result in Visa penalties and even expulsion from the network.

Second, Visa’s requirements state that a marketplace must receive settlement funds for distribution to its retailers, exposing the marketplace to federal and state regulation as a money transmitter. Payment facilitators face similar issues, but are not required to receive settlement funds. In fact, many processors now offer direct settlement to sub-merchants in part to avoid this very issue.

Third, federal regulators like the Federal Trade Commission will expect marketplaces (like other acquirers) to engage in robust due diligence of retailers and to monitor their transactions for signs of fraud or unlawful activity. The FTC, in particular, has raised concerns about the payment facilitation model and the concept of frictionless underwriting – concerns that would seem to apply with equal force to marketplaces.

* * * * *

The concept of payment aggregation has exploded in recent years, with acquirers looking for faster and more efficient ways to sign up merchants, particularly those that operate in an ecommerce environment. Visa’s new category for marketplaces will likely accelerate these developments and provide ecommerce platforms additional flexibility to board retailers quickly and with minimal friction.

]]>Cryptocurrency Addresses on OFAC Sanctions Listhttps://www.lexblog.com/2018/03/27/cryptocurrency-addresses-on-ofac-sanctions-list/
Tue, 27 Mar 2018 21:00:16 +0000https://www.lexblog.com/2018/03/27/cryptocurrency-addresses-on-ofac-sanctions-list/The Office of Foreign Assets Control (“OFAC”), responsible for enforcing U.S. economic sanctions, has taken its first steps to tackle the exploding use of digital currencies. On March 19, 2018, OFAC released a digital currency-related FAQ indicating that OFAC may include digital currency addresses on its Specially Designated Nationals (“SDN”) list of blocked persons, companies and entities.

In its guidance, OFAC defines digital currency broadly to include “sovereign cryptocurrency, virtual currency (non-fiat), and a digital representation of fiat currency.” This definition covers typical cryptocurrencies (Bitcoin, Litecoin, Ethereum, etc.) and the purportedly oil-backed “petro-gold” token issued by the government of Venezuela.

In its FAQ, OFAC states that it will use sanctions against criminal actors abusing digital currencies and emerging payment systems in addition to existing tools, such as diplomatic outreach and law enforcement authorities. To strengthen these efforts under its existing powers, OFAC stated that it “may include as identifiers on the SDN List specific digital currency addresses associated with blocked persons.” A digital currency address is an alphanumeric identifier that represents a potential destination for a digital currency transfer. Adding such addresses to the SDN List would alert the public of those addresses that have been identified as being owned by, or associated with, a blocked person.

Individuals and companies on the SDN List typically have their assets blocked, and U.S. persons are generally prohibited from dealing with them. OFAC stated that the addition of digital currency addresses would not change any OFAC compliance obligations. Those requirements remain the same regardless of whether a transaction is denominated in digital or traditional fiat currency. This means that U.S. persons, and those otherwise subject to OFAC jurisdiction (U.S. companies, permanent residents of the U.S., and anyone in the U.S.), “are responsible for ensuring that they do not engage in unauthorized transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade or investment-related transactions.” This prohibition would apply to firms that facilitate or engage in online commerce or process transactions using digital currency.

The FAQ concluded by noting that exchangers of digital currencies, administrators, and other industry participants should develop tailored, risk-based compliance programs which should include SDN screening, among other appropriate measures. The adequacy of a compliance plan will depend on a variety of factors, including the type of business involved. Many of these entities – particularly exchanges and administrators – are also subject to anti-money laundering compliance obligations as “money services businesses” registered with the Financial Crimes Enforcement Network (FinCEN). See our prior article Filthy Lucre: Regulatory Risks of Digital Currency, Loot Crates, and Other Video Game Monetization Strategies for a discussion on the money service business implications for digital currencies in videogames.

Parties who identify a digital currency address or wallet that they believe is owned by or affiliated with an individual or entity on the SDN should file a report with OFAC and, if the party holds the property, take steps to block the relevant digital currency.

The OFAC FAQ is an important step in limiting illicit use of digital currencies, but its practical impact is not entirely clear at this time. Most digital currencies allow users to generate an almost unlimited number of addresses, meaning that sophisticated users are likely to use an individual address only once. This makes it difficult to track the transaction activity of such users. However, since transactions in and out of digital currency addresses are usually recorded in a blockchain ledger, the flow of funds can often be tracked further downstream.

As AML programs for digital currencies become more sophisticated, following cryptocurrency transactions, and identifying the participants, may become easier. This makes publication of addresses associated with SDN blocked persons valuable to industry participants and regulators. Listing digital currency addresses also give U.S. law enforcement and intelligence services another important data point in supporting U.S. foreign policy objectives.

The CFPB has now issued six RFIs as part of Acting Director Mulvaney’s Call for Evidence Regarding Consumer Financial Protection Bureau Functions, which we have previously covered. The RFIs provide industry participants a chance to comment on the CFPB’s rules, policies, and practices regarding investigations, examinations, enforcement actions, and external engagement.

]]>Say Goodbye to Credit Card Signature Requirementshttps://www.lexblog.com/2018/02/01/say-goodbye-to-credit-card-signature-requirements/
Thu, 01 Feb 2018 17:46:30 +0000https://lexblognetwork.wpengine.com/2018/02/01/say-goodbye-to-credit-card-signature-requirements/The days of signing your grocery receipt may be over soon, as the four major credit card brands (American Express, Discover, Visa, and Mastercard) are each making efforts to do away with signatures for various credit card transactions. The extent and geographic reach of these changes, however, are different for each brand, but one commonality is that the changes will begin in April 2018. In particular,

MasterCard will no longer require signatures for purchases in the U.S. and Canada;

Discover is doing away with the requirement in the U.S., Canada, Mexico, and the Caribbean;

American Express is eliminating the requirement globally; and

Visa is making the signature requirement optional for EMV contact or contactless chip-enabled merchants in North America.

While most credit cards currently require a signature only for point-of-sale purchases over a certain amount, the changes in April will apply to all purchases regardless of amount.

The card brands indicated that the change will help provide a more consistent and simplified checkout experience for merchants and consumers while maintaining security through various technology advances. They cited particular innovations in EMV chip technology, tokenization, multi-factor authentication, biometrics, and machine learning fraud detection algorithms as newer and more secure methods for proving identity.

American Express also reported that the need for signatures in general has declined because of the growth of contactless payment options, including card-based and mobile tap-and-pay methods, and the continued expansion of online commerce.

Merchants will still have the option, however, of collecting cardholder signatures at the point of sale if they choose, and the laws of any particular jurisdiction may still require merchants to collect signatures. Also, merchants interested in no longer requiring signatures for credit card purchases may need to update their point-of-sale systems.

]]>Digital Media Link, May 2017 – A Focus on Augmented and Virtual Realityhttps://www.lexblog.com/2017/05/26/digital-media-link-may-2017/
Fri, 26 May 2017 18:08:23 +0000https://lexblognetwork.wpengine.com/2017/05/26/digital-media-link-may-2017/In the most recent edition of Digital Media Link, we explore the legal issues surrounding new technologies, with a particular focus on augmented and virtual reality. As we have seen time and again, new technologies do not necessarily mean new statutes or case law, which usually are slow to catch up. What is a lawyer to do, then, when advising on the legal issues associated with these new technologies? We do what we were trained to do – apply the existing rules and precedents to the best of our ability, use our knowledge of the technology and these laws to project how the law will develop, and track developments as they occur. Virtual reality and augmented reality remain so new – at least from the perspective of legal jurisprudence – that we are still in the stage of applying established rules and precedents to these up and coming technologies. In the articles that follow, we take a look at several different legal issues related to these new technologies.

In this issue, we discuss CFPB Director Cordray’s recent appearance before Congress where he noted that the CFPB has started engaging in supervisory activity regarding small business lending.

We take a look at Congressional actions related to negative option (or automatic renewal) programs.

Amid the economic crisis and resulting regulatory firestorm of Dodd-Frank, we provide a self-help guide for community banks to address enterprise risk management.

We analyze the FTC’s settlement in a major prepaid card advertising case and their curiously brief announcement about it.

The House Financial Services Committee hosted a contentious hearing on the CFPB’s 2016 semi-annual reports. We have a quick recap of the 6-hour hearing covering the timing of the release of CFPB rules, consent orders, the CFPB’s leadership structure, auto lending enforcement, and more. We also include links to several related articles and presentations.

Continue reading to review the Digest. You will also find a list of upcoming industry events you may be interested in attending.

]]>FTC Settles Major Prepaid Card Advertising Case and Doesn’t Say Much about Ithttps://www.lexblog.com/2017/04/06/ftc-settles-major-prepaid-card-advertising-case-and-doesnt-say-much-about-it/
Thu, 06 Apr 2017 19:13:35 +0000https://lexblognetwork.wpengine.com/2017/04/06/ftc-settles-major-prepaid-card-advertising-case-and-doesnt-say-much-about-it/For those of us who are regular readers of FTC press releases, the allure of last week’s announcement that the FTC settled its lawsuit against prepaid card company NetSpend Corporation may be more in the substance – or lack thereof – of the announcement itself. In four sentences, the FTC simply stated that the advertiser agreed to settle, that the Commission vote approving the final order was 2-1, and that Acting Chairman Ohlhausen issued a dissenting statement.

No details were provided about the claims at issue or the monetary relief imposed on the advertiser. And the FTC did not, as it often does, publish an ancillary blog on the FTC Business Center website to educate us (albeit entertainingly) on all of the terrible things that must not be done. Is this a sign of how case announcements will be handled under the Ohlhausen administration? For companies that settle with the FTC to avoid the expense and distraction of litigating with the government, a departure from condemnatory FTC press releases would be welcome.

As for the details of the NetSpend settlement, NetSpend agreed to pay monetary relief totaling “no less than $53 million” and agreed not to misrepresent certain features about its prepaid products, including how soon funds may be available; conditions necessary to gain approval for a prepaid account; account error resolution; and the comparative benefits of the company’s prepaid products to other payment accounts and payment methods. The settlement split the complex monetary penalty into $40 million to be refunded directly to consumers and $13 million paid to the FTC to cover fees charged by the company.

The 2-1 tally approving the final order reflected a vote of former FTC Chairman Edith Ramirez, leaving us to wonder if she left any other votes behind. Commissioner Terrell McSweeny also approved the NetSpend settlement.

Acting Chairman Maureen Ohlhausen issued a dissent stating that the order imposed monetary relief not sufficiently related to the allegedly deceptive conduct. She also objected to the way in which the majority analyzed NetSpend’s use of “immediate access” claims in its ads. The Acting Chairman indicated in her statement that limiting the dissemination of truthful claims harms consumers by inhibiting their ability to identify and differentiate products and services, which in turn stifles competition. These comments echo other recent statements by Chairwoman Ohlhausen that the FTC should refocus on ensuring that “our enforcement actions address concrete consumer injury.”

Separate from the issues raised in the NetSpend complaint, the FTC has in the past cautioned consumers about hidden fees associated with the use of prepaid cards, including activation fees, transaction fees, and monthly maintenance fees. Lately, however, the Consumer Financial Protection Bureau (the “CFPB”) has had the spotlight on prepaid card issues. Last October, the CFPB issued consumer protection rules that, among other things, impose “Know Before You Owe” disclosures to give consumers information about fees associated with a prepaid account. The CFPB prepaid rules would also require prepaid companies to offer consumers protections similar to those made available by credit card companies, such as error resolution and limitations on consumer losses for lost or stolen funds.

Whether or not the CFPB rules will take effect next October as scheduled remains in question as Senate Republicans have recently taken steps to repeal the rule under the Congressional Review Act. Problems cited by opponents of the CFPB prepaid rules include that the rules are overly broad and would increase compliance costs, stifle innovation, and ultimately result in higher costs to consumers. As some of these sentiments echo the concerns raised in Acting Chairman Ohlhausen’s dissent in the NetSpend case, prepaid cards appear to be a 2017 poster child for the more business-friendly views of the Trump Administration.

In the end, the NetSpend press release may be the first example of a shift. As Chairwoman Ohlhausen explained in a recent speech, “In every case we litigate, settlement we enter, report we write, guidance we issue, blog entry we post, and tweet we ... twitter, we need to answer two questions. How were consumers harmed? And how does this action address that harm? This focus on consumer harm is part of our statutory mandate, but it is also good policy.”

In this issue, we discuss the importance of the Federal Trade Commission’s activities in the consumer finance world and the big changes on the horizon for credit reporting of public records data.

We analyze the Eastern District of North Dakota’s dismissal of the Bureau’s complaint against Intercept Corp. and its implications for enforcement actions against payment processors, and the “abusive” prong of UDAAP.

As the constitutionality of the structure of the CFPB continues to be debated, we provide an update on the PHH Corp. v. Consumer Financial Protection Bureau case, with the Trump administration weighing in through a briefing filed by Department of Justice.

Regarding debt collection, we highlight an upcoming FDCPA case that could eliminate a significant source of consumer class action litigation against many consumer finance companies. This issue also features an article from the March 2017 issue of Collector magazine on the importance of compliance management systems.

Finally, we discuss the expansion of New York’s licensing laws and the rejection of “Part EE” by the state legislature, a speed bump in the New York Department of Financial Services path to regulating many forms of fintech.

Continue reading to review the Digest. You will also find a list of upcoming industry events you may be interested in attending.

]]>Sweeping New Federal Regulations for the Prepaid Industryhttps://www.lexblog.com/2016/10/13/sweeping-new-federal-regulations-for-the-prepaid-industry/
Thu, 13 Oct 2016 13:55:11 +0000https://lexblognetwork.wpengine.com/2016/10/13/sweeping-new-federal-regulations-for-the-prepaid-industry/Note: We have revised the description of the terms of the settlement in our recent blog post on the Carribean Cruise Line TCPA matter. Click here to read the corrected post.

Having trouble sleeping and need something to read? Lucky for you the Consumer Financial Protection Bureau (the Bureau) recently released its 1700+ page final rule for prepaid accounts under the Electronic Fund Transfer Act and the Truth in Lending Act. On the other hand, if you’d rather spend your wakeless nights watching playoff baseball, we’ve got you covered with a brief summary of the rule and some implications for the prepaid industry.

What are the types of prepaid accounts subject to the rule? The final rule defines prepaid accounts to encompass a diverse group of products, including traditional general-purpose reloadable cards; non-reloadable prepaid cards; payroll cards; student financial aid disbursement cards; tax refund cards; government benefit cards; mobile wallets; person-to-person payment products; and other electronic prepaid accounts that can store funds. The rule excludes from coverage gift cards and gift certificates; accounts used for savings or reimbursements related to certain health, dependent care, and transit or parking expenses; and certain limited government program accounts.

What are the rule’s requirements? The rule will require prepaid providers to include detailed “know before you owe” disclosures in packaging, provide easy and free access to account information, limit consumers’ losses when funds are stolen or cards lost, and follow rules designed for credit cards when offering credit in connection with a prepaid account. In addition, prepaid account issuers will be required to post their agreements on their websites and submit copies to the Bureau for posting on the Bureau’s website.

When does the rule go into effect? The rule goes into effect on October 1, 2017, except for the provisions related to posting agreements with the CFPB and online, which go into effect in October 2018.

What are some of the implications for industry? The Bureau’s rule represents a significant shift in the regulatory framework for prepaid products. For many providers of these popular products, addressing the new requirements will require significant investments in resources, new internal controls, and comprehensive compliance policies and procedures.

The rule will likely create significant compliance headaches for prepaid companies that will need to be addressed in policies and procedures.

Mobile and digital prepaid account providers will need to address how to make disclosures electronically.

The prepaid industry will need to work closely with banks, lenders, and other related industries to coordinate in developing compliant products and services.

The new regulations will likely require issuers to work with legal counsel to revise agreements to account for the new requirements.

Prepaid issuers with upcoming scheduled examinations should expect the Bureau to inquire about efforts to develop appropriate compliance procedures ahead of the rule’s effective date.

If you are craving a more detailed summary, please check out our advisory available here.

]]>Don’t Import Compliance Troubles—New Supply Chain Law Goes into Effecthttps://www.lexblog.com/2016/04/20/dont-import-compliance-troubles-new-supply-chain-law-goes-into-effect/
Wed, 20 Apr 2016 20:56:09 +0000https://lexblognetwork.wpengine.com/2016/04/20/dont-import-compliance-troubles-new-supply-chain-law-goes-into-effect/In March, a new federal law quietly went into effect that places additional pressure on importers to develop compliance systems for their supply chains, including identification of items potentially made with forced labor. The Trade Facilitation and Trade Enforcement Act of 2015 (Trade Act) prohibits the import into the United States of goods, wares, articles, and merchandise mined, produced, or manufactured in a foreign country by convict, forced, or indentured labor.

The new law comes at a time when federal and state regulators are turning their focus to supply chain management as a way to combat forced labor overseas. At the National Association of Attorneys General (NAAG) 2016 Winter Meeting, for example, Attorney General Loretta Lynch gave a speech noting that the Department of Justice would prioritize human trafficking for law enforcement at all levels. Susan Coppedge, Ambassador-at-Large to Monitor and Combat Trafficking in Persons and Senior Advisor to the Secretary of State, also presented to the AGs at NAAG. Given this scrutiny, any company—regardless of industry—that imports goods from overseas should review its supply chain management policies to ensure that they are appropriately tailored to address this issue.

What Does the New Law Do?

The Trade Act closes a loophole in the U.S. Tariff Act of 1930 (19 U.S.C. § 1307), which had previously allowed the import of products made with forced labor if the “consumptive demand” for those goods in the United States exceeded domestic production. This loophole essentially swallowed the prohibition, as demand in most industries exceeds the capacity of domestic production. The new prohibition does not target specific countries or products, but rather permits U.S. Customs and Border Protection (CBP) to investigate allegations that a specific product was made using forced labor.

Why Should a Company Care?

The Trade Act places additional pressure on importers to develop compliance systems for their supply chains. Under the new law, any interested party, including competitors and public interest groups, may request that CBP investigate whether an import was produced using forced labor in another country. Following an investigation, any products found to be made in whole or in part using forced labor will be subject to exclusion and/or seizure, and may lead to investigation of the importer(s).

CBP and public interest groups are likely to look for “leads” in the U.S. Department of Labor’s List of Goods Produced by Child Labor or Forced Labor and List of Products Identified by Executive Order 13126. Although these lists do not ban the import of any of the listed products into the United States, they do identify categories of products by country that the United States has reason to believe are at risk of having been produced by child or forced labor.

Separate from the new federal law, a number of state attorneys general have created task forces focused on human trafficking. In addition, California enacted its own law in 2010, the Transparency in Supply Chains Act (CTSCA), which requires large retailers and manufacturers doing business in California to disclose on their websites their “efforts to eradicate slavery and human trafficking from [their] direct supply chain for tangible goods offered for sale.” These efforts demonstrate that states, like the federal government, are dedicating enforcement and other resources to this issue. While the federal law goes much further than the disclosure requirements of CTSCA, the bottom line is that federal and state regulators are focused more than ever on pressuring companies to police their supply chains for potential human trafficking or forced labor.

What Should a Company Do To Limit Risk?

To minimize potential risk under federal and state law, importers should confirm that they have implemented policies and procedures that are appropriately tailored for their import activities. Examples include:

Develop a comprehensive import compliance policy that addresses supply chain management, including the company’s policies for limiting the potential for human trafficking and forced labor. This policy should also address compliance with the CTSCA, which requires covered companies to post disclosures on their websites related to five specific areas: verification, audits, certification, internal accountability, and training.

All supplier agreements should require an affirmative certification by the supplier that it is aware of and in compliance with the company’s policy.

Audits should be conducted by independent third-party auditors on an annual basis.

Training programs should be provided for employees who work directly with the supply chain.

Consider joining the Customs-Trade Partnership Against Terrorism (C-TPAT) program. C-TPAT is a voluntary supply chain security program led by CBP and focused on improving the security of private companies’ supply chains with respect to terrorism.

]]>Who’s on First? The CFPB’s Recent Focus on First-Party Collectionshttps://www.lexblog.com/2015/02/03/whos-on-first-the-cfpbs-recent-focus-on-first-party-collections/
Tue, 03 Feb 2015 23:22:18 +0000https://lexblognetwork.wpengine.com/2015/02/03/whos-on-first-the-cfpbs-recent-focus-on-first-party-collections/Successful marketing leads to sales, but sometimes those sales don’t result in customers making timely payments. When that happens merchants and lenders often try to recover the cost of goods sold or loans through collections. But what are the risk for merchants seeking to collect outstanding payments? A lot, apparently, if two recent Consumer Financial Protection Bureau (“CFPB”) enforcement actions tell us anything. Although “first-party” collections are largely exempt from the Fair Debt Collections Practices Act (“FDCPA”), the CFPB has begun using its enforcement powers to challenge first-party collection practices, including those used by retail merchants and other lenders.

In CFPB v. Freedom Stores, Inc., the CFPB (and several states) alleged that a Virginia-based retailer that operates near military bases nationwide engaged in unfair and deceptive collection practices by filing illegal lawsuits in distant forums, debiting consumers’ accounts without authorization, and contacting service members’ commanding officers. To settle the allegations, Freedom Stores paid over $2.5 million in partial refunds to affected consumers. Similarly, inIn re DriveTime, a “buy-here, pay-here” car dealer paid an $8 million penalty to settle allegations that the company engaged in various unlawful collection practices.

These actions demonstrate the need for first-party creditors to implement appropriate collection policies and procedures or else risk CFPB scrutiny. At a minimum, creditors should consider the following when engaging in collections:

Develop a compliance management system (“CMS”) that is integrated into the entity’s framework for product design, delivery, and administration;

Consider voluntarily following the requirements of the FDCPA;

Implement a process for regular internal and external compliance audits to review operations for compliance with applicable legal requirements;

Investigate consumer complaints related to its lending and collection practices and take prompt corrective action to address such complaints or any other indications of systemic weaknesses that pose a risk to consumers; and

Monitor their business relationships with service providers to ensure compliance with federal financial and consumer protection laws.

Taking these steps can go a long way to protecting your business, especially if the CFPB comes around asking questions about your collection efforts.